Concerns by Policy-Level Executives about Cyber security

Description

On February 26, 2014, the U.S. Commodity Futures Trading
Commission published guidance outlining the data security practices it expects
from firms it oversees and the third parties they contract with.[1]

The importance of this issue is also reflected in the notices from the SEC’s Office
of Compliance Inspections and Examinations and from the Financial Industry
Regulatory Authority.[2]

Executives and board members lack knowledge about the cyber
risks their organizations face and how to include cyber risk management in
overall business strategy.

· 52% of directors ranked IT strategy and risk as
the #1 issue for which they need better information and processes – behind only
strategic planning.[3]

· 69% of directors are concerned that cyber
threats may impact growth.

· 77% of respondents to the US State of Cybercrime
Survey detected a security event in the past 12 months, and more than a third
said the number of security incidents detected increased over the previous
year.[4]

· Only 49% of respondents have a plan for
responding to insider threats.

· Only 38% of respondents prioritize cyber
security investments based on risk to the business.

Banking and finance organizations are currently spending up
to $2,500 per employee per year on cyber security. At this level, the sum
represents approximately 15% of the total IT budget. In retail, spending amounts
to a comparable ratio.

Executive Guidance

Most of the organizations surveyed do not have cyber
security programs that can match the skills and technological capabilities of their
cyber adversaries. Initiating such programs first requires answering the
following policy-level questions:

· What are your most crucial cyber assets and what
is being done to keep those secure?